Wednesday, November 28, 2018

Re: Update to haproxy-1.8.14

On Thu, 29 Nov 2018 02:32:23 +1100, Joel Sing <joel@sing.id.au> wrote:

> On Monday 26 November 2018 18:21:56 Daniel Jakots wrote:
> > Hi,
> >
> > Here's the diff to update haproxy to the 1.8 branch.
> > Most of the libressl stuff has been done by jsing (thanks!) but he
> > did the update to 1.8.13 and 13->14 needed some more fiddling. I
> > did them on my own so I guess a review wouldn't hurt.
> >
> > The 1.8 branch brings HTTP/2 and TLS1.3 but maybe the latter won't
> > work because of the libressl vs openssl. I don't know.
>
> TLSv1.3 is not currently supported by LibreSSL, hence the maximum
> that haproxy will negotiate (as a client or server) is going to be
> TLSv1.2. Once LibreSSL supports TLSv1.3 it will automatically start
> working - the code that this disables relates to 0-RTT data, which
> we're unlikely to support (at least initially).

Thanks for the explanation!

> > I'm dogfooding it and so far it's been good.
> >
> > I'll be kind and save some users some trouble: don't try to backport
> > this diff to 6.4, it won't work.
>
> Why do you say that?

OPENSSL_NO_ASYNC as pointed out by tb.
I guess there could be a way to make this update work on 6.4 but let's
just say it will be a friendly reminder for users that development
happens on -current ;)

> > Tests? Comments? OK?
>
> Looks good to me - ok jsing@.

Thanks, I'm going to wait a few more days to let people test it.


Cheers,
Daniel
